|
|
#1
25 marzo 2008, 08:58
|
|||
|
|||
Trojan Horse
Ciao,
Ho un problema con un Trojan Horse. Messaggio di avviso è 'C: \ windows \ system32 \ crypt32n.dll TROJAN HORSE BHO.CVX Ho eseguito AVG e identifica il file che si muove tom volta, ma per re-boot è ancora lì. Ho cercato di eliminare il file in Windows che non è riuscita. Ho provato a rinominarlo in Windows (in vista di eliminarlo) che non è riuscita. Ho cercato di tornare indietro e re-impostare il mio computer, ma non posso tornare indietro oltre l'inizio del mese e ho avuto fin da prima di Natale. Il mio PC sembra essere ok, ma sono ancora preoccupato per il fatto che ho un virus! C'è qualcosa che posso fare? Aiuto molto apprezzato saluti Ian A |
|
#2
25. Marzo 2008, 10:47
|
|||
|
|||
Trojan Horse
Benvenuti a CJ.
__________________
 |
|
#3
25. Marzo 2008, 14:33
|
|||
|
|||
|
Trojan Horse
Ciao Evil Fantansy
Ho provato questo, all'inizio del mese è il log. Speriamo che questo significa qualcosa per voi Le mie dita sono incrociate Ta Ian A StartupList relazione, 05/03/2008, 14:49:42 StartupList versione: 1.52.2 Iniziata da: C: \ Documents and Settings \ iana \ Desktop \ HijackThis.EXE Riconosciuto: Windows XP SP2 (WinNT 5.01.2600) Riconosciuto: Internet Explorer v7.00 (7.00.6000.16608) * Utilizzando le opzioni predefinite * Compresa la vuota e priva di interesse sezioni * Risultati raramente importante sezioni ==========================================\u0 Processi in esecuzione: C: \ WINDOWS \ System32 \ smss.exe C: \ WINDOWS \ system32 \ winlogon.exe C: \ WINDOWS \ system32 \ services.exe C: \ WINDOWS \ system32 \ lsass.exe C: \ WINDOWS \ system32 \ Ati2evxx.exe C: \ WINDOWS \ system32 \ svchost.exe C: \ WINDOWS \ System32 \ svchost.exe C: \ WINDOWS \ system32 \ brsvc01a.exe C: \ WINDOWS \ system32 \ spoolsv.exe C: \ WINDOWS \ system32 \ brss01a.exe C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7,5 \ guard.exe C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe C: \ Program Files \ TOSHIBA \ ConfigFree \ CFSvcs.exe C: \ WINDOWS \ system32 \ svchost.exe C: \ WINDOWS \ System32 \ svchost.exe C: \ WINDOWS \ system32 \ Ati2evxx.exe C: \ WINDOWS \ Explorer.EXE C: \ Program Files \ Synaptics \ SynTP \ SynTPEnh.exe C: \ Program Files \ Toshiba \ Windows Utilities \ Hotkey.exe C: \ WINDOWS \ system32 \ TPSMain.exe C: \ Program Files \ Synaptics \ SynTP \ Toshiba.exe C: \ Program Files \ TOSHIBA \ ConfigFree \ NDSTray.exe C: \ WINDOWS \ system32 \ TPSBattM.exe C: \ Program Files \ TOSHIBA \ TOSHIBA Zoommare Utility \ SmoothView.exe C: \ Program Files \ TOSHIBA \ Touch e Launch \ PadExe.exe C: \ WINDOWS \ System32 \ DLA \ DLACTRLW.EXE C: \ Program Files \ TOSHIBA \ ConfigFree \ CFSServ.exe C: \ Program Files \ Atheros \ ACU.exe C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe C: \ Program Files \ QuickTime \ qttask.exe C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7,5 \ avgas.exe C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe C: \ Program Files \ TOSHIBA \ ConfigFree \ CFXFER.exe C: \ Program Files \ Java \ jre1.6.0_05 \ bin \ jusched.exe C: \ Program Files \ ScanSoft \ OmniPageSE2.0 \ OpwareSE2.exe C: \ Program Files \ TOSHIBA \ TOSCDSPD \ toscdspd.exe C: \ WINDOWS \ system32 \ ctfmon.exe C: \ Program Files \ Messenger \ msmsgs.exe C: \ Program Files \ FinePixViewer \ QuickDCF.exe C: \ Documents and Settings \ iana \ Desktop \ HijackThis.exe -------------------------------------------------- Elenco delle cartelle di avvio: Shell cartelle di avvio: [C: \ Documents and Settings \ iana \ Menu Avvio \ Programmi \ Startup] * Nessun file * Shell cartelle AltStartup: Cartella non trovata * * Le cartelle di avvio della shell di un utente: Cartella non trovata * * User Shell Folders AltStartup: Cartella non trovata * * Shell cartelle comune di avvio: [C: \ Documents and Settings \ All Users \ Menu Avvio \ Programmi \ Startup] Exif Launcher.lnk = C: \ Program Files \ FinePixViewer \ QuickDCF.exe Microsoft Office.lnk = C: \ Program Files \ Microsoft Office \ Office \ OSA9.exe Shell cartelle AltStartup comune: Cartella non trovata * * User Shell Folders comune di avvio: Cartella non trovata * * User Shell Folders comune di avvio alternativo: Cartella non trovata * * -------------------------------------------------- Controllo di Windows NT Userinit: [HKLM \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon] Userinit = C: \ WINDOWS \ system32 \ userinit.exe, [HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Win logon] * Chiave del Registro di sistema non trovato * [HKCU \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon] Registro * * valore non trovato [HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Win logon] * Chiave del Registro di sistema non trovato * -------------------------------------------------- Le voci di autorun da registro: HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Run SynTPEnh = C: \ Program Files \ Synaptics \ SynTP \ SynTPEnh.exe Toshiba Hotkey Utility = "C: \ Program Files \ Toshiba \ Windows Utilities \ Hotkey.exe" / lang it TPSMain = TPSMain.exe NDSTray.exe = NDSTray.exe SmoothView = C: \ Program Files \ TOSHIBA \ TOSHIBA Zoommare Utility \ SmoothView.exe PadTouch = C: \ Program Files \ TOSHIBA \ Touch e Launch \ PadExe.exe DLA = C: \ WINDOWS \ System32 \ DLA \ DLACTRLW.EXE CFSServ.exe = CFSServ.exe-NoClient REGSHAVE = C: \ Program Files \ REGSHAVE \ REGSHAVE.EXE / AUTORUN ACU = "C: \ Program Files \ Atheros \ ACU.exe"-nogui TkBellExe = "C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe"-osboot QuickTime Task = "C: \ Program Files \ QuickTime \ qttask.exe"-atboottime ! AVG Anti-Spyware = "C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7,5 \ avgas.exe" / minimizzate AVG7_CC = C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe / STARTUP SunJavaUpdateSched = "C: \ Program Files \ Java \ jre1.6.0_05 \ bin \ jusched.exe" Salestart = "C: \ Program Files \ Common Files \ AVSystemCare \ bm.exe" dm = http://avsystemcare.com; annuncio = http://avsystemcare.com Adobe Reader Speed Launcher = "C: \ Program Files \ Adobe \ Reader 8.0 \ Reader \ Reader_sl.exe" OpwareSE2 = "C: \ Program Files \ ScanSoft \ OmniPageSE2.0 \ OpwareSE2.exe" OPSE promemoria = "C: \ Program Files \ ScanSoft \ OmniPageSE2.0 \ EregEng \ Ereg.exe"-r "C: \ Program Files \ ScanSoft \ OmniPageSE2.0 \ EregEng \ ereg.ini" -------------------------------------------------- Le voci di autorun da registro: HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Run Dopo * N. valori trovato * -------------------------------------------------- Le voci di autorun da registro: HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Run OnceEx * N. valori trovato * -------------------------------------------------- Le voci di autorun da registro: HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Run Servizi * N. valori trovato * -------------------------------------------------- Le voci di autorun da registro: HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Run ServicesOnce * N. valori trovato * -------------------------------------------------- Le voci di autorun da registro: HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Run TOSCDSPD = C: \ Program Files \ TOSHIBA \ TOSCDSPD \ toscdspd.exe ctfmon.exe = C: \ WINDOWS \ system32 \ ctfmon.exe PnPUI Registrator = C: \ Program Files \ Common Files \ Sitecom Shared \ PnP Universal Installer \ PnPUIReg.exe-s MSMSGS = "C: \ Program Files \ Messenger \ msmsgs.exe" / background -------------------------------------------------- Le voci di autorun da registro: HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Run Dopo * N. valori trovato * -------------------------------------------------- Le voci di autorun da registro: HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Run OnceEx * N. valori trovato * -------------------------------------------------- Le voci di autorun da registro: HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Run Servizi * N. valori trovato * -------------------------------------------------- Le voci di autorun da registro: HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Run ServicesOnce * N. valori trovato * -------------------------------------------------- Le voci di autorun da registro: HKLM \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Run * Chiave del Registro di sistema non trovato * -------------------------------------------------- Le voci di autorun da registro: HKCU \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Run * Chiave del Registro di sistema non trovato * -------------------------------------------------- Autorun entries in sottochiavi del Registro di sistema di: HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Run [OptionalComponents] = -------------------------------------------------- Autorun entries in sottochiavi del Registro di sistema di: HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Run Dopo [Setup] * N. valori trovato * -------------------------------------------------- Autorun entries in sottochiavi del Registro di sistema di: HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Run OnceEx * N. sottochiavi trovato * -------------------------------------------------- Autorun entries in sottochiavi del Registro di sistema di: HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Run Servizi * N. sottochiavi trovato * -------------------------------------------------- Autorun entries in sottochiavi del Registro di sistema di: HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Run ServicesOnce * N. sottochiavi trovato * -------------------------------------------------- Autorun entries in sottochiavi del Registro di sistema di: HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Run * N. sottochiavi trovato * -------------------------------------------------- Autorun entries in sottochiavi del Registro di sistema di: HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Run Dopo [Setup] * N. valori trovato * -------------------------------------------------- Autorun entries in sottochiavi del Registro di sistema di: HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Run OnceEx * N. sottochiavi trovato * -------------------------------------------------- Autorun entries in sottochiavi del Registro di sistema di: HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Run Servizi * N. sottochiavi trovato * -------------------------------------------------- Autorun entries in sottochiavi del Registro di sistema di: HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Run ServicesOnce * N. sottochiavi trovato * -------------------------------------------------- Autorun entries in sottochiavi del Registro di sistema di: HKLM \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Run * Chiave del Registro di sistema non trovato * -------------------------------------------------- Autorun entries in sottochiavi del Registro di sistema di: HKCU \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Run * Chiave del Registro di sistema non trovato * -------------------------------------------------- File di associazione per l'ingresso. EXE: HKEY_CLASSES_ROOT \ exefile \ shell \ open \ command (Default) = "% 1"% * -------------------------------------------------- File di associazione per l'ingresso. COM: HKEY_CLASSES_ROOT \ comfile \ shell \ open \ command (Default) = "% 1"% * -------------------------------------------------- File di associazione per l'ingresso. BAT: HKEY_CLASSES_ROOT \ batfile \ shell \ open \ command (Default) = "% 1"% * -------------------------------------------------- File di associazione per l'ingresso. PIF: HKEY_CLASSES_ROOT \ piffile \ shell \ open \ command (Default) = "% 1"% * -------------------------------------------------- File di associazione per l'ingresso. SCR: HKEY_CLASSES_ROOT \ scrfile \ shell \ open \ command (Default) = "% 1" / S -------------------------------------------------- File di associazione per l'ingresso. HTA: HKEY_CLASSES_ROOT \ htafile \ shell \ open \ command (Default) = C: \ WINDOWS \ system32 \ Mshta.exe "% 1"% * -------------------------------------------------- File di associazione per l'ingresso. TXT: HKEY_CLASSES_ROOT \ NetLog.Document \ shell \ open \ virgola nd (Default) = C: \ EPICOM ~ 1,02 \ EPICom2.02 \ EPICOM ~ 1.EXE / DDE -------------------------------------------------- Enumerazione Active Setup stub percorsi: HKLM \ Software \ Microsoft \ Active Setup \ Installed Components (* = Disabili da HKCU twin) [<(12d0ed0d-0ee0-4f90-8827-78cefb8f4988)] * Stubpath = C: \ WINDOWS \ system32 \ ieudinit.exe [> (22d6f312-b0f6-11d0-94ab-0080c74c7e95)] Stubpath = C: \ WINDOWS \ inf \ unregmp2.exe / ShowWMP [> (26923b43-4d38-484f-9b9e-de460746276c)] * Stubpath = C: \ WINDOWS \ system32 \ ie4uinit.exe-UserIconConfig [> (881dd1c5-3dcf-431b-b061-f3f88e8be88a)] * Stubpath =% systemroot% \ system32 \ shmgrate.exe OCInstallUserConfigOE [(2C7339CF-2B09-4501-B3F3-F3508C9228ED)] * Stubpath =% SystemRoot% \ system32 \ regsvr32.exe / s / n / i: / UserInstall% SystemRoot% \ system32 \ themeui.dll [(44BBA840-CC51-11CF-AAFA-00AA00B6015C)] * Stubpath = "% ProgramFiles% \ Outlook Express \ setup50.exe" / APP: OE / CHIAMANTE: WINNT / user / install [(7790769C-0471-11d2-AF11-00C04FA35D02)] * Stubpath = "% ProgramFiles% \ Outlook Express \ setup50.exe" / APP: WAB / CHIAMANTE: WINNT / user / install [(89820200-ECBD-11cf-8B85-00AA005B4340)] * Stubpath = regsvr32.exe / s / n / i: U shell32.dll [(89820200-ECBD-11cf-8B85-00AA005B4383)] * Stubpath = C: \ WINDOWS \ system32 \ ie4uinit.exe-BaseSettings -------------------------------------------------- Enumerazione ICQ Agent Autostart apps: HKCU \ Software \ Mirabilis \ ICQ \ Agent \ Apps * Chiave del Registro di sistema non trovato * -------------------------------------------------- Carico / Esegui tasti da C: \ WINDOWS \ WIN.INI: carico =* INI sezione non trovato * eseguire =* INI sezione non trovato * Carico / Esegui chiavi del registro: HKLM \ .. \ Windows NT \ CurrentVersion \ WinLogon: load =* Registry value not found * HKLM \ .. \ Windows NT \ CurrentVersion \ WinLogon: run =* Registry value not found * HKLM \ .. \ Windows \ CurrentVersion \ WinLogon: load =* chiave del Registro di sistema non trovato * HKLM \ .. \ Windows \ CurrentVersion \ WinLogon: run =* chiave del Registro di sistema non trovato * HKCU \ .. \ Windows NT \ CurrentVersion \ WinLogon: load =* Registry value not found * HKCU \ .. \ Windows NT \ CurrentVersion \ WinLogon: run =* Registry value not found * HKCU \ .. \ Windows \ CurrentVersion \ WinLogon: load =* chiave del Registro di sistema non trovato * HKCU \ .. \ Windows \ CurrentVersion \ WinLogon: run =* chiave del Registro di sistema non trovato * HKCU \ .. \ Windows NT \ CurrentVersion \ Windows: load = HKCU \ .. \ Windows NT \ CurrentVersion \ Windows: run =* Registry value not found * HKLM \ .. \ Windows NT \ CurrentVersion \ Windows: load =* Registry value not found * HKLM \ .. \ Windows NT \ CurrentVersion \ Windows: run =* Registry value not found * HKLM \ .. \ Windows NT \ CurrentVersion \ Windows: AppInit_DLLs = -------------------------------------------------- Shell & screensaver chiave da C: \ WINDOWS \ SYSTEM.INI: Shell =* INI sezione non trovato * SCRNSAVE.EXE =* INI sezione non trovato * =* INI sezione driver non trovato * Shell & screensaver chiave dal Registro di sistema: Shell = Explorer.exe SCRNSAVE.EXE = C: \ WINDOWS \ system32 \ logon.scr =* valore del Registro di driver non trovato * Politiche Shell chiave: HKCU \ .. \ Policies: Shell =* Registry value not found * HKLM \ .. \ Policies: Shell =* Registry value not found * -------------------------------------------------- Controllo di EXPLORER.EXE casi: C: \ WINDOWS \ Explorer.exe: PRESENTE! C: \ Explorer.exe: non presente C: \ WINDOWS \ Explorer \ Explorer.exe: non presente C: \ WINDOWS \ System \ Explorer.exe: non presente C: \ WINDOWS \ System32 \ Explorer.exe: non presente C: \ WINDOWS \ COMMAND \ Explorer.exe: non presente C: \ WINDOWS \ Fonts \ Explorer.exe: non presente -------------------------------------------------- Controllo per superhidden estensioni: . lnk: HIDDEN! (arrow overlay: yes) . pif: HIDDEN! (arrow overlay: yes) . exe: non nascosta . com: non nascosta . bat: non nascosta . hta: non nascosta . scr: non nascosta . shs: HIDDEN! . shb: HIDDEN! . vbs: non nascosta . vbe: non nascosta . wsh: non nascosta . scf: HIDDEN! (arrow overlay: NO!) . url: HIDDEN! (arrow overlay: yes) . js: non nascosta . jse: non nascosta -------------------------------------------------- Verifica integrità REGEDIT.EXE: - Regedit.exe trovato in C: \ WINDOWS -. Reg aperti comando è normale (regedit.exe% 1) - OK Ragione Sociale: 'Microsoft Corporation' - Original filename OK: 'REGEDIT.EXE' - File description: 'Editor del Registro di sistema' Registro di verificare superato -------------------------------------------------- Enumerazione Browser Helper Objects: (nessun nome) - c: \ windows \ system32 \ athcfg11c.dll (file mancanti) - (51610169-C280-4F36-84AB-82D92ED1F68B) (nessun nome) - C: \ Program Files \ Java \ jre1.6.0_05 \ bin \ ssv.dll - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) (nessun nome) - c: \ Programmi \ Google \ googletoolbar1.dll - (AA58ED58-01DD-4d91-8333-CF10577473F7) (nessun nome) - C: \ WINDOWS \ system32 \ crypt32n.dll - (EA389261-1100-451F-8582-815CAB488AE6) -------------------------------------------------- Enumerazione Task Scheduler posti di lavoro: AppleSoftwareUpdate.job At1.job Norton Security Scan.job RegCure Programma Check.job RegCure.job -------------------------------------------------- Enumerazione Download Program Files: [Microsoft XML Parser per Java] CODEBASE = file: / / / C: / WINDOWS / Java / classi / xmldso.cab OSD = C: \ WINDOWS \ Downloaded Program Files \ Microsoft XML Parser per Java.osd [iPIX ActiveX Control] InProcServer32 = C: \ WINDOWS \ DOWNLO ~ 1 \ ipixx.ocx CODEBASE = http://www.ipix.com/download/ipixx.cab [Shockwave ActiveX Control] InProcServer32 = C: \ WINDOWS \ system32 \ Macromed \ Direttore \ SwDir.dll CODEBASE = http://fpdownload.macromedia.com/get...irector/sw.cab [MUWebControl Class] InProcServer32 = C: \ WINDOWS \ system32 \ muweb.dll CODEBASE = http://www.update.microsoft.com/micr...?1197453622703 [Java Plug-in 1.6.0_05] InProcServer32 = C: \ Program Files \ Java \ jre1.6.0_05 \ bin \ ssv.dll CODEBASE = http://javadl-esd.sun.com/update/1.6...ws-i586-jc.cab [(8FFBE65D-2C9C-4669-84BD-5829DC0B603C)] CODEBASE = http://fpdownload.macromedia.com/get.../ultrashim.cab [a-squared Scanner] InProcServer32 = C: \ WINDOWS \ DOWNLO ~ 1 \ asquared.ocx CODEBASE = http://ax.emsisoft.com/asquared.cab [Java Plug-in 1.5.0_06] InProcServer32 = C: \ Program Files \ Java \ jre1.6.0_05 \ bin \ ssv.dll CODEBASE = http://java.sun.com/update/1.5.0/jin...ndows-i586.cab [Java Plug-in 1.5.0_11] InProcServer32 = C: \ Program Files \ Java \ jre1.6.0_05 \ bin \ ssv.dll CODEBASE = http://java.sun.com/update/1.5.0/jin...ndows-i586.cab [Java Plug-in 1.6.0_03] InProcServer32 = C: \ Program Files \ Java \ jre1.6.0_05 \ bin \ ssv.dll CODEBASE = http://java.sun.com/update/1.6.0/jin...ndows-i586.cab [Java Plug-in 1.6.0_05] InProcServer32 = C: \ Program Files \ Java \ jre1.6.0_05 \ bin \ ssv.dll CODEBASE = http://java.sun.com/update/1.6.0/jin...ndows-i586.cab [Java Plug-in 1.6.0_05] InProcServer32 = C: \ Program Files \ Java \ jre1.6.0_05 \ bin \ npjpi160_05.dll CODEBASE = http://java.sun.com/update/1.6.0/jin...ndows-i586.cab [Shockwave Flash Object] InProcServer32 = C: \ WINDOWS \ system32 \ Macromed \ Flash \ Flash9e.ocx CODEBASE = http://fpdownload2.macromedia.com/ge...sh/swflash.cab -------------------------------------------------- Enumerazione file Winsock LSP: NameSpace # 1: C: \ WINDOWS \ System32 \ mswsock.dll NameSpace # 2: C: \ WINDOWS \ System32 \ winrnr.dll NameSpace # 3: C: \ WINDOWS \ System32 \ mswsock.dll NameSpace # 4: C: \ WINDOWS \ System32 \ nwprovau.dll Protocollo n. 1: C: \ WINDOWS \ system32 \ mswsock.dll Protocollo n. 2: C: \ WINDOWS \ system32 \ mswsock.dll Protocollo n. 3: C: \ WINDOWS \ system32 \ mswsock.dll Protocollo # 4: C: \ WINDOWS \ system32 \ rsvpsp.dll Protocollo # 5: C: \ WINDOWS \ system32 \ rsvpsp.dll Protocollo # 6: C: \ WINDOWS \ system32 \ mswsock.dll Protocollo # 7: C: \ WINDOWS \ system32 \ mswsock.dll Protocollo # 8: C: \ WINDOWS \ system32 \ mswsock.dll Protocollo # 9: C: \ WINDOWS \ system32 \ mswsock.dll Protocollo # 10: C: \ WINDOWS \ system32 \ mswsock.dll Protocollo # 11: C: \ WINDOWS \ system32 \ mswsock.dll Protocollo # 12: C: \ WINDOWS \ system32 \ mswsock.dll Protocollo # 13: C: \ WINDOWS \ system32 \ mswsock.dll Protocollo # 14: C: \ WINDOWS \ system32 \ mswsock.dll Protocollo # 15: C: \ WINDOWS \ system32 \ mswsock.dll Protocollo # 16: C: \ WINDOWS \ system32 \ mswsock.dll Protocollo # 17: C: \ WINDOWS \ system32 \ mswsock.dll Protocollo # 18: C: \ WINDOWS \ system32 \ mswsock.dll Protocollo # 19: C: \ WINDOWS \ system32 \ mswsock.dll Protocollo # 20: C: \ WINDOWS \ system32 \ mswsock.dll Protocollo # 21: C: \ WINDOWS \ system32 \ mswsock.dll Protocollo # 22: C: \ WINDOWS \ system32 \ mswsock.dll Protocollo # 23: C: \ WINDOWS \ system32 \ mswsock.dll Protocollo # 24: C: \ WINDOWS \ system32 \ mswsock.dll -------------------------------------------------- Enumerazione servizi Windows NT/2000/XP Driver Microsoft ACPI: system32 \ drivers \ ACPI.sys (sistema) Microsoft Embedded Controller Driver: system32 \ drivers \ ACPIEC.sys (sistema) Atheros Configuration Service: C: \ WINDOWS \ system32 \ acs.exe (automatico) Microsoft Kernel Acoustic Echo Canceller: system32 \ drivers \ aec.sys (manuale) AFD: \ SystemRoot \ System32 \ drivers \ afd.sys (sistema) Avvisi:% SystemRoot% \ system32 \ svchost.exe-k LocalService (disabili) Application Layer Gateway Service:% SystemRoot% \ System32 \ alg.exe (manuale) Application Management:% SystemRoot% \ system32 \ svchost.exe-k netsvcs (manuale) Atheros Wireless Network Adapter Service: system32 \ drivers \ ar5211.sys (manuale) ASP.NET membro del servizio:% SystemRoot% \ Microsoft.NET \ Framework \ v1.1.4322 \ asp net_state.exe (manuale) RAS asincrono Media Driver: system32 \ drivers \ asyncmac.sys (manuale) Standard IDE / ESDI Hard Disk Controller: system32 \ drivers \ Atapi.sys (sistema) Ati Hotkey Poller:% SystemRoot% \ system32 \ Ati2evxx.exe (automatico) ati2mtag: system32 \ drivers \ ati2mtag.sys (manuale) Cliente protocollo ARP ATM: system32 \ drivers \ atmarpc.sys (manuale) Audio Windows:% SystemRoot% \ System32 \ svchost.exe-k netsvcs (autostart) Stub Audio Driver: system32 \ drivers \ audstub.sys (manuale) AVG Anti-Spyware Driver: \? \ C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7,5 \ guard.sys (sistema) AVG Anti-Spyware Guard: C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7,5 \ guard.exe (autostart) AVG7 Alert Manager Server: C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe (automatico) AVG7 Kernel: \ SystemRoot \ System32 \ Drivers \ avg7core.sys (sistema) AVG7 Wrap Driver: \ SystemRoot \ System32 \ Drivers \ avg7rsw.sys (sistema) AVG7 Resident Driver XP: \ SystemRoot \ System32 \ Drivers \ avg7rsxp.sys (sistema) AVG7 Update Service: C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe (automatico) AVG Anti-Spyware Clean Driver: System32 \ DRIVERS \ AvgAsCln.sys (sistema) AVG7 Clean Driver: \ SystemRoot \ System32 \ Drivers \ avgclean.sys (sistema) Servizio trasferimento intelligente in background:% SystemRoot% \ system32 \ svchost.exe-k netsvcs (autostart) Accesso 32bits int15 routine: system32 \ drivers \ BoiHwSetup.sys (manuale) BrSplService: C: \ WINDOWS \ system32 \ brsvc01a.exe (automatico) Browser di computer:% SystemRoot% \ system32 \ svchost.exe-k netsvcs (autostart) Logical Disk Manager Monitor:% SystemRoot% \ System32 \ svchost.exe-k netsvcs (autostart) Conexant AMC ambientale 3D Audio: system32 \ drivers \ camc6aud.sys (manuale) CAMCHALA: system32 \ drivers \ camc6hal.sys (manuale) CD-ROM Driver: system32 \ drivers \ cdrom.sys (sistema) ConfigFree Service: C: \ Program Files \ TOSHIBA \ ConfigFree \ CFSvcs.exe (automatico) Servizio di indicizzazione:% SystemRoot% \ system32 \ cisvc.exe (manuale) ClipBook:% SystemRoot% \ system32 \ clipsrv.exe (disabili) Microsoft ACPI metodo di controllo della batteria Driver: system32 \ drivers \ CmBatt.sys (manuale) Microsoft composito batteria Driver: system32 \ drivers \ compbatt.sys (sistema) Applicazione di sistema COM +: C: \ WINDOWS \ system32 \ Dllhost.exe / Processid: (02D4B3F1-FD88-11D1-960D-00805FC79235) (manuale) Servizi di crittografia:% SystemRoot% \ system32 \ svchost.exe-k netsvcs (autostart) DCOM Server Process Launcher:% SystemRoot% \ system32 \ svchost-k DcomLaunch (automatico) DHCP Client:% SystemRoot% \ system32 \ svchost.exe-k netsvcs (autostart) Disco Driver: system32 \ drivers \ disk.sys (sistema) DLABOIOM: System32 \ DLA \ DLABOIOM.SYS (automatico) DLACDBHM: System32 \ Drivers \ DLACDBHM.SYS (sistema) DLADResN: System32 \ DLA \ DLADResN.SYS (automatico) DLAIFS_M: System32 \ DLA \ DLAIFS_M.SYS (automatico) DLAOPIOM: System32 \ DLA \ DLAOPIOM.SYS (automatico) DLAPoolM: System32 \ DLA \ DLAPoolM.SYS (automatico) DLARTL_N: System32 \ Drivers \ DLARTL_N.SYS (sistema) DLAUDFAM: System32 \ DLA \ DLAUDFAM.SYS (automatico) DLAUDF_M: System32 \ DLA \ DLAUDF_M.SYS (automatico) Logical Disk Manager amministrativo Service:% SystemRoot% \ System32 \ dmadmin.exe / com (manuale) dmboot: System32 \ drivers \ dmboot.sys (disabili) Logical Disk Manager Driver: System32 \ drivers \ dmio.sys (sistema) dmload: System32 \ drivers \ dmload.sys (sistema) Gestione dischi logici:% SystemRoot% \ System32 \ svchost.exe-k netsvcs (autostart) Microsoft Kernel DLS Syntheiszer: system32 \ drivers \ DMusic.sys (manuale) DNINDIS5 protocollo NDIS Driver: \? \ C: \ PROGRA ~ 1 \ Belkin \ Belkin 1.11G ~ \ DNINDIS5.SYS (manuale) Client DNS:% SystemRoot% \ system32 \ svchost.exe-k NetworkService (automatico) Microsoft Kernel DRM Descrambler Audio: system32 \ drivers \ drmkaud.sys (manuale) DRVMCDB: System32 \ Drivers \ DRVMCDB.SYS (sistema) DRVNDDM: System32 \ Drivers \ DRVNDDM.SYS (automatico) Error Reporting Service:% SystemRoot% \ System32 \ svchost.exe-k netsvcs (autostart) Event Log:% SystemRoot% \ system32 \ services.exe (autostart) COM + Event System: C: \ WINDOWS \ system32 \ svchost.exe-k netsvcs (manuale) Compatibilità Cambio rapido utente:% SystemRoot% \ System32 \ svchost.exe-k netsvcs (manuale) FltMgr: system32 \ drivers \ fltMgr.sys (sistema) Volume Manager Driver: system32 \ drivers \ ftdisk.sys (sistema) Generic Packet Classifier: system32 \ drivers \ msgpc.sys (manuale) GTNDIS5 protocollo NDIS Driver: \? \ C: \ WINDOWS \ system32 \ GTNDIS5.SYS (manuale) Google Updater Service: "C: \ Program Files \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe" (manuale) Guida in linea e supporto:% SystemRoot% \ System32 \ svchost.exe-k netsvcs (autostart) Human Interface Device Access:% SystemRoot% \ System32 \ svchost.exe-k netsvcs (disabili) Driver di classe HID Microsoft: system32 \ drivers \ hidusb.sys (manuale) hlkvythd: system32 \ drivers \ vzrpdamf.dat (sistema) HSFHWATI: system32 \ drivers \ HSFHWATI.sys (manuale) HSF_DPV: system32 \ drivers \ HSF_DPV.sys (manuale) HTTP: System32 \ Drivers \ HTTP.sys (manuale) HTTP SSL:% SystemRoot% \ System32 \ svchost.exe-k HTTPFilter (manuale) i8042 Tastiera e mouse PS / 2 Port Driver: system32 \ drivers \ i8042prt.sys (sistema) InstallDriver Table Manager: "C: \ Program Files \ Common Files \ InstallShield \ Driver \ 11 \ Intel 32 \ IDriverT.exe" (manuale) Masterizzazione di CD-Filter Driver: system32 \ drivers \ imapi.sys (sistema) COM di masterizzazione CD IMAPI Servizio: C: \ WINDOWS \ system32 \ imapi.exe (manuale) Processore Intel Driver: system32 \ drivers \ Intelppm.sys (sistema) Driver Windows Firewall IPv6: system32 \ drivers \ Ip6Fw.sys (manuale) Driver filtro traffico IP: system32 \ drivers \ ipfltdrv.sys (manuale) IP in IP Tunnel Driver: system32 \ drivers \ ipinip.sys (manuale) IP Network Address Translator: system32 \ drivers \ Ipnat.sys (manuale) Driver IPSEC: system32 \ drivers \ ipsec.sys (sistema) IR Enumerator Service: system32 \ drivers \ irenum.sys (manuale) PnP ISA / EISA Bus Driver: system32 \ drivers \ Isapnp.sys (sistema) IVI ASPI Shell: system32 \ drivers \ iviaspi.sys (manuale) Tastiera Classe Driver: system32 \ drivers \ Kbdclass.sys (sistema) Microsoft Kernel Audio Mixer Wave: system32 \ drivers \ kmixer.sys (manuale) Server:% SystemRoot% \ system32 \ svchost.exe-k netsvcs (autostart) Workstation:% SystemRoot% \ system32 \ svchost.exe-k netsvcs (autostart) TCP / IP NetBIOS Helper:% SystemRoot% \ system32 \ svchost.exe-k LocalService (autostart) mdmxsdk: system32 \ drivers \ mdmxsdk.sys (automatico) Messenger:% SystemRoot% \ system32 \ svchost.exe-k netsvcs (disabili) Condivisione desktop remoto di NetMeeting: C: \ WINDOWS \ system32 \ mnmsrvc.exe (manuale) Classe Mouse Driver: system32 \ drivers \ mouclass.sys (sistema) Mouse HID Driver: system32 \ drivers \ mouhid.sys (manuale) Client WebDAV Redirector: system32 \ drivers \ mrxdav.sys (manuale) MRxSmb: system32 \ drivers \ Mrxsmb.sys (sistema) Distributed Transaction Coordinator: C: \ WINDOWS \ system32 \ msdtc.exe (manuale) Windows Installer: C: \ WINDOWS \ system32 \ msiexec.exe / V (manuale) Microsoft Streaming Service Proxy: system32 \ drivers \ MSKSSRV.sys (manuale) Microsoft Streaming Clock Proxy: system32 \ drivers \ MSPCLOCK.sys (manuale) Microsoft Streaming Quality Manager Proxy: system32 \ drivers \ MSPQM.sys (manuale) Microsoft System Management BIOS Driver: system32 \ drivers \ mssmbios.sys (manuale) TAPI NDIS di accesso remoto Driver: system32 \ drivers \ ndistapi.sys (manuale) NDIS Usermode di I / O protocollo: system32 \ drivers \ ndisuio.sys (manuale) Accesso remoto NDIS WAN Driver: system32 \ drivers \ Ndiswan.sys (manuale) Interfaccia NetBIOS: system32 \ drivers \ netbios.sys (sistema) NetBIOS su Tcpip: system32 \ drivers \ Netbt.sys (sistema) DDE di rete:% SystemRoot% \ system32 \ netdde.exe (disabili) DDE DSDM di rete:% SystemRoot% \ system32 \ netdde.exe (disabili) TOSHIBA Network Device Usermode di I / O protocollo: system32 \ drivers \ netdevio.sys (automatico) Accesso rete:% SystemRoot% \ system32 \ lsass.exe (autostart) Connessioni di rete:% SystemRoot% \ System32 \ svchost.exe-k netsvcs (manuale) Location Awareness Network (NLA):% SystemRoot% \ system32 \ svchost.exe-k netsvcs (manuale) NT LM Security Support Provider:% SystemRoot% \ system32 \ lsass.exe (manuale) Archivi rimovibili:% SystemRoot% \ system32 \ svchost.exe-k netsvcs (manuale) Client Service for NetWare:% SystemRoot% \ system32 \ svchost.exe-k netsvcs (autostart) IPX Traffic Filter Driver: system32 \ drivers \ nwlnkflt.sys (manuale) IPX Traffic spedizionieri Driver: system32 \ drivers \ nwlnkfwd.sys (manuale) NWLink IPX / SPX / NetBIOS Compatible Transport Protocol: system32 \ drivers \ nwlnkipx.sys (automatico) NWLink NetBIOS: system32 \ drivers \ nwlnknb.sys (automatico) NWLink SPX / SPXII protocollo: system32 \ drivers \ nwlnkspx.sys (automatico) NetWare Rdr: system32 \ drivers \ nwrdr.sys (manuale) Office Source Engine: "C: \ Program Files \ Common Files \ Microsoft Shared \ Source Engine \ OSE.EXE" (manuale) Bus PCI Driver: system32 \ drivers \ Pci.sys (sistema) PCIIde: system32 \ drivers \ pciide.sys (sistema) Pcmcia: system32 \ drivers \ Pcmcia.sys (sistema) Padus ASPI Shell: system32 \ drivers \ pfc.sys (manuale) Plug and Play:% SystemRoot% \ system32 \ services.exe (autostart) Servizi IPSEC:% SystemRoot% \ system32 \ lsass.exe (autostart) WAN Miniport (PPTP): system32 \ drivers \ Raspptp.sys (manuale) Archiviazione protetta:% SystemRoot% \ system32 \ lsass.exe (autostart) QoS Packet Scheduler: system32 \ drivers \ psched.sys (manuale) Driver Parallel Direct Link: system32 \ drivers \ ptilink.sys (manuale) PxHelp20: System32 \ Drivers \ PxHelp20.sys (sistema) Quanta tastiera Hotkey filtro Driver: system32 \ drivers \ qkbfiltr.sys (manuale) Quanta Hotkey Mouse Filter Driver: system32 \ drivers \ qmofiltr.sys (manuale) Remote Access Auto Connection Driver: system32 \ drivers \ rasacd.sys (sistema) Remote Access Auto Connection Manager:% SystemRoot% \ system32 \ svchost.exe-k netsvcs (manuale) WAN Miniport (L2TP): system32 \ drivers \ rasl2tp.sys (manuale) Connection Manager di Accesso remoto:% SystemRoot% \ system32 \ svchost.exe-k netsvcs (manuale) Accesso remoto PPPoE Driver: system32 \ drivers \ raspppoe.sys (manuale) Direct Parallel: system32 \ drivers \ raspti.sys (manuale) Rdbss: system32 \ drivers \ Rdbss.sys (sistema) RDPCDD: System32 \ DRIVERS \ RDPCDD.sys (sistema) Terminal Server Redirector Device Driver: system32 \ drivers \ rdpdr.sys (manuale) Remote Desktop Help Session Manager: C: \ WINDOWS \ system32 \ sessmgr.exe (manuale) Digital Audio CD Riproduzione filtro Driver: system32 \ drivers \ Redbook.sys (sistema) Routing e Accesso remoto:% SystemRoot% \ system32 \ svchost.exe-k netsvcs (disabili) Registro di sistema remoto:% SystemRoot% \ system32 \ svchost.exe-k LocalService (autostart) RPC (Remote Procedure Call) Locator:% SystemRoot% \ System32 \ Locator.exe (manuale) RPC (Remote Procedure Call):% SystemRoot% \ system32 \ svchost-k RPCSS (automatico) QoS RSVP:% SystemRoot% \ system32 \ rsvp.exe (manuale) Belkin Wireless RT2500 Driver: system32 \ drivers \ RT61.sys (manuale) Realtek 10/100/1000 NIC Family tutto in uno NDIS XP Driver: system32 \ drivers \ Rtlnicxp.sys (manuale) Realtek RTL8139 (A / B / C) a base PCI Fast Ethernet Adapter NT Driver: system32 \ drivers \ RTL8139.SYS (manuale) Gestione account di protezione:% SystemRoot% \ system32 \ lsass.exe (autostart) Smart card:% SystemRoot% \ System32 \ SCardSvr.exe (manuale) Task Scheduler:% SystemRoot% \ System32 \ svchost.exe-k netsvcs (autostart) Secdrv: system32 \ drivers \ secdrv.sys (manuale) Accesso secondario:% SystemRoot% \ System32 \ svchost.exe-k netsvcs (autostart) Notifica eventi di sistema:% SystemRoot% \ system32 \ svchost.exe-k netsvcs (autostart) Sitecom driver della porta seriale: system32 \ drivers \ ser2pl.sys (manuale) Filtro Serenum Driver: system32 \ drivers \ serenum.sys (manuale) Alta Capacità Floppy Disk Drive: system32 \ drivers \ sfloppy.sys (manuale) Windows Firewall / Condivisione connessione Internet (ICS):% SystemRoot% \ system32 \ svchost.exe-k netsvcs (autostart) Shell Hardware Detection:% SystemRoot% \ System32 \ svchost.exe-k netsvcs (autostart) Microsoft Kernel Audio Splitter: system32 \ drivers \ Splitter.sys (manuale) Spooler di stampa:% SystemRoot% \ system32 \ spoolsv.exe (autostart) Ripristino configurazione di sistema del filtro Driver: system32 \ drivers \ sr.sys (sistema) Servizio Ripristino configurazione di sistema:% SystemRoot% \ system32 \ svchost.exe-k netsvcs (autostart) Srv: system32 \ drivers \ Srv.sys (manuale) SSDP Discovery Service:% SystemRoot% \ system32 \ svchost.exe-k LocalService (manuale) Serial Digital Still Camera Driver: system32 \ drivers \ serscan.sys (manuale) Windows Image Acquisition (WIA):% SystemRoot% \ system32 \ svchost.exe-k imgsvc (automatico) Software Bus Driver: system32 \ drivers \ swenum.sys (manuale) Microsoft GS Wavetable Synthesizer Kernel: system32 \ drivers \ swmidi.sys (manuale) MS Software Shadow Copy Provider: C: \ WINDOWS \ system32 \ Dllhost.exe / Processid: (6C222AAE-7AD3-43BE-AC4B-02239FF8DEC6) (manuale) Synaptics Touchpad Driver: system32 \ drivers \ SynTP.sys (manuale) Microsoft Kernel System Audio Device: system32 \ drivers \ sysaudio.sys (manuale) Avvisi e registri di prestazioni:% SystemRoot% \ system32 \ smlogsvc.exe (manuale) Telefonia:% SystemRoot% \ System32 \ svchost.exe-k netsvcs (manuale) Protocollo TCP / IP Driver: system32 \ drivers \ tcpip.sys (system) Terminal Device Driver: system32 \ drivers \ termdd.sys (sistema) Servizi terminal:% SystemRoot% \ System32 \ svchost-k DComLaunch (manuale) Temi:% SystemRoot% \ System32 \ svchost.exe-k netsvcs (autostart) Telnet: C: \ WINDOWS \ system32 \ tlntsvr.exe (disabili) tmcomm: \? \ C: \ WINDOWS \ system32 \ drivers \ tmcomm.sys (automatico) Manutenzione collegamenti distribuiti client:% SystemRoot% \ system32 \ svchost.exe-k netsvcs (autostart) Microcode Update Driver: system32 \ drivers \ update.sys (manuale) Universal Plug and Play Device Host:% SystemRoot% \ system32 \ svchost.exe-k LocalService (manuale) Uninterruptible Power Supply:% SystemRoot% \ System32 \ Ups.exe (manuale) Microsoft USB Generic Parent Driver: system32 \ drivers \ usbccgp.sys (manuale) Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: system32 \ drivers \ Usbehci.sys (manuale) USB2 Enabled Hub: system32 \ drivers \ Usbhub.sys (manuale) Microsoft USB Open Host Controller Miniport Driver: system32 \ drivers \ usbohci.sys (manuale) Microsoft stampante USB Classe: system32 \ drivers \ usbprint.sys (manuale) Driver scanner USB: system32 \ drivers \ usbscan.sys (manuale) USB Mass Storage Driver: system32 \ drivers \ Usbstor.sys (manuale) Linksys Wireless-G USB Network Adapter con SpeedBooster Driver v2: system32 \ drivers \ usb8023.sys (manuale) VgaSave: \ SystemRoot \ System32 \ drivers \ vga.sys (sistema) Copia Shadow del volume:% SystemRoot% \ System32 \ vssvc.exe (manuale) Ora di Windows:% SystemRoot% \ System32 \ svchost.exe-k netsvcs (autostart) Accesso Remoto IP ARP Driver: system32 \ drivers \ wanarp.sys (manuale) Windows CE USB Serial Host Driver: system32 \ drivers \ wceusbsh.sys (manuale) Microsoft WINMM WDM Audio Compatibilità Driver: system32 \ drivers \ wdmaud.sys (manuale) WebClient:% SystemRoot% \ system32 \ svchost.exe-k LocalService (autostart) winachsf: system32 \ drivers \ HSF_CNXT.sys (manuale) Strumentazione gestione Windows:% systemroot% \ system32 \ svchost.exe-k netsvcs (autostart) Portable Media Serial Number Service:% SystemRoot% \ System32 \ svchost.exe-k netsvcs (manuale) Windows Management Instrumentation Driver estensioni:% SystemRoot% \ System32 \ svchost.exe-k netsvcs (manuale) WMI Performance Adapter: C: \ WINDOWS \ system32 \ wbem \ wmiapsrv.exe (manuale) Windows Media Player Network Sharing Service: "C: \ Program Files \ Windows Media Player \ WMPNetwk.exe" (manuale) Windows Socket 2,0 non IFS Service Provider Supporto Ambiente: \ SystemRoot \ System32 \ drivers \ ws2ifsl.sys (disabili) Security Center:% SystemRoot% \ System32 \ svchost.exe-k netsvcs (autostart) Aggiornamenti automatici:% systemroot% \ system32 \ svchost.exe-k netsvcs (autostart) Windows Driver Foundation - User-mode Driver Framework Platform Driver: system32 \ drivers \ WudfPf.sys (manuale) Windows Driver Foundation - User-mode Driver Framework Reflector: system32 \ drivers \ wudfrd.sys (manuale) Windows Driver Foundation - User-mode Driver Framework:% SystemRoot% \ system32 \ svchost.exe-k WudfServiceGroup (manuale) Zero Configuration reti senza fili:% SystemRoot% \ System32 \ svchost.exe-k netsvcs (autostart) Network Provisioning Service:% SystemRoot% \ System32 \ svchost.exe-k netsvcs (manuale) -------------------------------------------------- Enumerazione di Windows NT logon / logoff scripts: * N. script impostato per eseguire * Windows NT checkdisk comando: BootExecute = autocheck autochk * Windows NT 'Wininit.ini': PendingFileRenameOperations: * Registro * valore non trovato -------------------------------------------------- Enumerazione ShellServiceObjectDelayLoad items: PostBootReminder: C: \ WINDOWS \ system32 \ shell32.dll CDBurn: C: \ WINDOWS \ system32 \ shell32.dll WebCheck: C: \ WINDOWS \ system32 \ Webcheck.dll Systray: C: \ WINDOWS \ system32 \ stobject.dll UPnPMonitor: C: \ WINDOWS \ system32 \ upnpui.dll WPDShServiceObj: C: \ WINDOWS \ system32 \ WPDShServiceObj.dll -------------------------------------------------- Le voci di autorun da registro: HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ pol icies \ Explorer \ Run * N. valori trovato * -------------------------------------------------- Le voci di autorun da registro: HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ pol icies \ Explorer \ Run * N. valori trovato * -------------------------------------------------- Fine della relazione, 38242 bytes Relazione generata in 0,266 secondi Opzioni della riga di comando: / verbose - per aggiungere ulteriori informazioni su ciascuna sezione / completa - a includere sezioni vuote e unsuspicious dati / pieno - a includere più di rado importanti sezioni / force9x - includere Win9x-start-up, anche se solo in esecuzione su WinNT / forcent - includere WinNT-start-up, anche se solo in esecuzione su Win9x / forceall - a includere tutti i Win9x e WinNT avvii, indipendentemente dalla piattaforma / storia - per elencare solo versione storia |
|
#4
25 marzo 2008, 14:47
|
|||
|
|||
|
Trojan Horse
Thats lista di avvio da HJT che è utile, ma ho bisogno principali scansione.
Apri HJT e selezionare il Eseguire una scansione del sistema e salvare un file di log pulsante. Post che si prega di log.
__________________
|
|
#5
27 marzo 2008, 12:47
|
|||
|
|||
|
Trojan Horse
Salve,
Scusa se mi sembrano lenti nel rispondere, ma sto avendo difficoltà a salvare la scansione! Sono stato a HJT eseguire 'Eseguire una scansione del sistema e salvare un file di log, ma quando si tenta di aprire un file di log che non. L'unico modo per vedere di fornire queste informazioni è se salvare una copia dello schermo, ma al posto che sarà un grosso file pensa che questa sia una buona idea o c'è qualcos'altro che posso provare? Saluti Ian A |
|
#6
27 marzo 2008, 12:58
|
|||
|
|||
|
Trojan Horse
Prova questo post e invece il log da esso.
Scaricare Deckard's System Scanner (DSS) al tuo Desktop. Nota: Devi essere registrato su un account con privilegi di amministratore.
Che cosa farà DSS:
__________________
|
|
#7
28 marzo 2008, 14:41
|
|||
|
|||
|
Trojan Horse
Salve
Io devo pensare! Ho cercato di andare a caldo link Deckards scanner ma non riesco a trovare il dss.exe. Deckards mi chiede di iscriversi a un altro sito web forum simili a quella che ho già su Si prega di spiegare Ian |
|
#8
28. Marzo 2008, 14:46
|
|||
|
|||
|
Trojan Horse
Usa questo link. http://www.techsupportforum.com/sect...eckard/dss.exe
__________________
|
|
#9
7a aprile 2008, 00:56
|
|||
|
|||
|
Trojan Horse
Ciao,
Scusa se a volte mi hanno dato indietro, ma sono stato via Ho ora è riuscita a fare la scansione e qui sono i risultati Ripristino configurazione di sistema ------------------------------------------------ -------------- Creato con successo un Deckard's System Scanner Restore Point. - Ultimi 5 punto di ripristino (s) -- 49: 2008-04-07 07:50:49 UTC - RP160 - Deckard's System Scanner Restore Point 48: 2008-04-07 06:07:59 UTC - RP159 - Sistema di controllo 47: 2008-04-01 17:50:42 UTC - RP158 - Sistema di controllo 46: 2008-03-28 20:48:03 UTC - RP157 - Installed SUPERAntiSpyware Free Edition 45: 2008-03-28 19:02:25 UTC - RP156 - Sistema di controllo - Primo punto di ripristino -- 1: 2008-01-04 07:54:54 UTC - RP112 - Sistema di controllo Il backup del Registro di alveari. Performed Pulitura disco. Percentuale di memoria in uso: 76% (più del 75%). Total Physical Memory: 447 MiB (512 MiB consigliata). - HijackThis (gestito come iana.exe) ---------------------------------------- -------- Logfile di Trend Micro HijackThis v2.0.2 Scan salvato in 08:52:30, a 07/04/2008 Piattaforma: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal Processi in esecuzione: C: \ WINDOWS \ System32 \ smss.exe C: \ WINDOWS \ system32 \ winlogon.exe C: \ WINDOWS \ system32 \ services.exe C: \ WINDOWS \ system32 \ lsass.exe C: \ WINDOWS \ system32 \ Ati2evxx.exe C: \ WINDOWS \ system32 \ svchost.exe C: \ WINDOWS \ System32 \ svchost.exe C: \ WINDOWS \ system32 \ brsvc01a.exe C: \ WINDOWS \ system32 \ spoolsv.exe C: \ WINDOWS \ system32 \ brss01a.exe C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7,5 \ guard.exe C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe C: \ Program Files \ TOSHIBA \ ConfigFree \ CFSvcs.exe C: \ WINDOWS \ system32 \ svchost.exe C: \ WINDOWS \ System32 \ svchost.exe C: \ WINDOWS \ system32 \ Ati2evxx.exe C: \ WINDOWS \ Explorer.EXE C: \ Program Files \ Synaptics \ SynTP \ SynTPEnh.exe C: \ Program Files \ Toshiba \ Windows Utilities \ Hotkey.exe C: \ WINDOWS \ system32 \ TPSMain.exe C: \ Program Files \ Synaptics \ SynTP \ Toshiba.exe C: \ Program Files \ TOSHIBA \ ConfigFree \ NDSTray.exe C: \ Program Files \ TOSHIBA \ TOSHIBA Zoommare Utility \ SmoothView.exe C: \ Program Files \ TOSHIBA \ Touch e Launch \ PadExe.exe C: \ WINDOWS \ System32 \ DLA \ DLACTRLW.EXE C: \ Program Files \ TOSHIBA \ ConfigFree \ CFSServ.exe C: \ Program Files \ Atheros \ ACU.exe C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe C: \ Program Files \ QuickTime \ qttask.exe C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7,5 \ avgas.exe C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe C: \ Program Files \ Java \ jre1.6.0_05 \ bin \ jusched.exe C: \ Program Files \ ScanSoft \ OmniPageSE2.0 \ OpwareSE2.exe C: \ Program Files \ TOSHIBA \ TOSCDSPD \ toscdspd.exe C: \ WINDOWS \ system32 \ ctfmon.exe C: \ Program Files \ Messenger \ msmsgs.exe C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe C: \ WINDOWS \ system32 \ TPSBattM.exe C: \ Program Files \ FinePixViewer \ QuickDCF.exe C: \ Program Files \ TOSHIBA \ ConfigFree \ CFXFER.exe C: \ Program Files \ Internet Explorer \ iexplore.exe C: \ Program Files \ Adobe \ Acrobat 6.0 \ Reader \ AcroRd32.exe C: \ WINDOWS \ system32 \ WISPTIS.EXE C: \ Documents and Settings \ iana \ Impostazioni locali \ Temporary Internet Files \ Content.IE5 \ EL9EICW6 \ dss [1]. Exe C: \ PROGRA ~ 1 \ TRENDM ~ 1 \ hijack ~ 1 \ iana.exe R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.google.co.uk/ R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Search, SearchAssistant = R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Search, CustomizeSearch = R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int Ethernet Impostazioni, ProxyServer = flotechsvr: 8080 O2 - BHO: AcroIEHlprObj Class - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Adobe \ Acrobat 6.0 \ Reader \ ActiveX \ AcroIEHelper.dll O2 - BHO: (no name) - (51610169-C280-4F36-84AB-82D92ED1F68B) - c: \ windows \ system32 \ athcfg11c.dll (file mancanti) O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.6.0_05 \ bin \ ssv.dll O2 - BHO: Google Toolbar Helper - (AA58ED58-01DD-4d91-8333-CF10577473F7) - c: \ Programmi \ Google \ googletoolbar1.dll O2 - BHO: (no name) - (EA389261-1100-451F-8582-815CAB488AE6) - C: \ WINDOWS \ system32 \ crypt32n.dll O3 - Toolbar: & Google - (2318C2B1-4965-11D4-9B18-009027A5CD4F) - c: \ Programmi \ Google \ googletoolbar1.dll O4 - HKLM \ .. \ Run: [SynTPEnh] C: \ Program Files \ Synaptics \ SynTP \ SynTPEnh.exe O4 - HKLM \ .. \ Run: [Toshiba Hotkey Utility] "C: \ Program Files \ Toshiba \ Windows Utilities \ Hotkey.exe" / lang it O4 - HKLM \ .. \ Run: [TPSMain] TPSMain.exe O4 - HKLM \ .. \ Run: [NDSTray.exe] NDSTray.exe O4 - HKLM \ .. \ Run: [SmoothView] C: \ Program Files \ TOSHIBA \ TOSHIBA Zoommare Utility \ SmoothView.exe O4 - HKLM \ .. \ Run: [PadTouch] C: \ Program Files \ TOSHIBA \ Touch e Launch \ PadExe.exe O4 - HKLM \ .. \ Run: [DLA] C: \ WINDOWS \ System32 \ DLA \ DLACTRLW.EXE O4 - HKLM \ .. \ Run: [CFSServ.exe] CFSServ.exe-NoClient O4 - HKLM \ .. \ Run: [REGSHAVE] C: \ Program Files \ REGSHAVE \ REGSHAVE.EXE / AUTORUN O4 - HKLM \ .. \ Run: [ACU] "C: \ Program Files \ Atheros \ ACU.exe"-nogui O4 - HKLM \ .. \ Run: [TkBellExe] "C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe"-osboot O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ qttask.exe"-atboottime O4 - HKLM \ .. \ Run: [! AVG Anti-Spyware] "C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7,5 \ avgas.exe" / minimizzate O4 - HKLM \ .. \ Run: [AVG7_CC] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe / STARTUP O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre1.6.0_05 \ bin \ jusched.exe" O4 - HKLM \ .. \ Run: [OpwareSE2] "C: \ Program Files \ ScanSoft \ OmniPageSE2.0 \ OpwareSE2.exe" O4 - HKLM \ .. \ Run: [OPSE promemoria] "C: \ Program Files \ ScanSoft \ OmniPageSE2.0 \ EregEng \ Ereg.exe"-r "C: \ Program Files \ ScanSoft \ OmniPageSE2.0 \ EregEng \ ereg . ini " O4 - HKCU \ .. \ Run: [TOSCDSPD] C: \ Program Files \ TOSHIBA \ TOSCDSPD \ toscdspd.exe O4 - HKCU \ .. \ Run: [ctfmon.exe] C: \ WINDOWS \ system32 \ ctfmon.exe O4 - HKCU \ .. \ Run: [PnPUI Registrator] C: \ Program Files \ Common Files \ Sitecom Shared \ PnP Universal Installer \ PnPUIReg.exe-s O4 - HKCU \ .. \ Run: [MSMSGS] "C: \ Program Files \ Messenger \ msmsgs.exe" / background O4 - HKCU \ .. \ Run: [SUPERAntiSpyware] C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe O4 - HKUS \ S-1-5-19 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'SERVIZIO LOCALE') O4 - HKUS \ S-1-5-20 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'NETWORK SERVICE') O4 - HKUS \ S-1-5-18 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'SYSTEM') O4 - HKUS \. DEFAULT \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'Default user') O4 - Global Startup: Exif Launcher.lnk = C: \ Program Files \ FinePixViewer \ QuickDCF.exe O4 - Global Startup: Microsoft Office.lnk = C: \ Program Files \ Microsoft Office \ Office \ OSA9.exe O9 - Extra pulsante: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_05 \ bin \ ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_05 \ bin \ ssv.dll O9 - Extra pulsante: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ PROGRA ~ 1 \ MI05E6 ~ 1 \ Office11 \ REFIEBAR.DLL O9 - Extra pulsante: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe Ø10 - Unknown file in Winsock LSP: c: \ windows \ system32 \ nwprovau.dll O14 - IERESET.INF: START_PAGE_URL = http://companyweb Ø16 - DPF: (11260943-421b-11D0-8EAC-0000C07D88CF) (iPIX ActiveX Control) -- http://www.ipix.com/download/ipixx.cab Ø16 - DPF: (6E32070A-766D-4EE6-879c-DC1FA91D2FC3) (MUWebControl Class) -- http://www.update.microsoft.com/micr...?1197453622703 Ø16 - DPF: (8AD9C840-044E-11D1-B3E9-00805F499D93) (Java Runtime Environment 1.6.0) -- http://javadl-esd.sun.com/update/1.6...ws-i586-jc.cab Ø16 - DPF: (BB21F850-63F4-4EC9-BF9D-565BD30C9AE9) (a-squared Scanner) -- http://ax.emsisoft.com/asquared.cab Ø16 - DPF: (D27CDB6E-AE6D-11CF-96B8-444553540000) (Shockwave Flash Object) -- http://fpdownload2.macromedia.com/ge...sh/swflash.cab O17 - HKLM \ System \ CCS \ Services \ Tcpip \ Parameters: Domain = flotech.local O17 - HKLM \ Software \ .. \ Telephony: DomainName = flotech.local O17 - HKLM \ System \ CCS \ Services \ Tcpip \ .. \ (3C838800-1126-48EC-8092-81CB4BD5BA88): NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM \ System \ CS1 \ Services \ Tcpip \ Parameters: Domain = flotech.local O17 - HKLM \ System \ CS1 \ Services \ Tcpip \ Parameters: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM \ System \ CS1 \ Services \ Tcpip \ .. \ (3C838800-1126-48EC-8092-81CB4BD5BA88): NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM \ System \ CS3 \ Services \ Tcpip \ Parameters: Domain = flotech.local O17 - HKLM \ System \ CS3 \ Services \ Tcpip \ Parameters: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM \ System \ CS3 \ Services \ Tcpip \ .. \ (3C838800-1126-48EC-8092-81CB4BD5BA88): NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM \ System \ CCS \ Services \ Tcpip \ Parameters: NameServer = 208.67.220.220,208.67.222.222 Ø20 - Winlogon Notify:! SASWinLogon - C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll Ø20 - Winlogon Notify: detcdzqc - athcfg11c.dll (file mancanti) O23 - Service: Atheros Configuration Service (ACS) - Sconosciuto proprietario - C: \ WINDOWS \ system32 \ acs.exe O23 - Service: Ati Hotkey Poller - ATI Technologies Inc. - C: \ WINDOWS \ system32 \ Ati2evxx.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT sro - C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7,5 \ guard.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C: \ WINDOWS \ system32 \ brsvc01a.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C: \ Program Files \ TOSHIBA \ ConfigFree \ CFSvcs.exe O23 - Service: Google Updater Service (gusvc) - Google - C: \ Program Files \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C: \ Program Files \ Common Files \ InstallShield \ Driver \ 11 \ Intel 32 \ IDriverT.exe -- Fine del file - 9862 bytes - Diciture di HijackThis fisso (C: \ PROGRA ~ 1 \ TRENDM ~ 1 \ hijack ~ 1 \ backup \) ----------- backup-20071217-070814-188 O4 - HKLM \ .. \ Run: [\ \ wks-216 \ EPSON Stylus C46 Series] C: \ WINDOWS \ System32 \ spool \ DRIVERS \ W32X86 \ 3 \ E_S4I0T 1.EXE / P33 "\ \ Wks-216 \ EPSON Stylus C46 Series "/ O6" USB002 "/ M" Stylus C46 " backup-20071217-071110-763 ø16 - DPF: (935F9B04-0C7B-4454-A391-348C54AD7ADD) (Jolly Bear Games Player) -- http://games.bigfishgames.com/en_big...GamePlayer.cab backup-20071219-071455-100 ø20 - Winlogon Notify: detcdzqc - C: \ WINDOWS \ SYSTEM32 \ athcfg11c.dll backup-20071219-071455-320 O4 - Global Startup: EPSON Status Monitor 3 Environment Check (3). lnk = C: \ WINDOWS \ system32 \ spool \ drivers \ w32x86 \ 3 \ E_SRCV0 3.exe backup-20071219-071455-780 O2 - BHO: (no name) - (EA389261-1100-451F-8582-815CAB488AE6) - C: \ WINDOWS \ system32 \ crypt32n.dll backup-20080327-194111-931 O2 - BHO: (no name) - (51610169-C280-4F36-84AB-82D92ED1F68B) - c: \ windows \ system32 \ athcfg11c.dll (file mancanti) backup-20080327-194139-797 O2 - BHO: (no name) - (EA389261-1100-451F-8582-815CAB488AE6) - C: \ WINDOWS \ system32 \ crypt32n.dll backup-20080327-194247-663 O2 - BHO: (no name) - (EA389261-1100-451F-8582-815CAB488AE6) - C: \ WINDOWS \ system32 \ crypt32n.dll - Associazioni di file ---------------------------------------------- ------------- . txt - NetLog.Document - DefaultIcon - C: \ EPICOM ~ 1,02 \ EPICom2.02 \ EPICOM ~ 1.EXE, 8 . txt - NetLog.Document - shell \ open \ command - C: \ EPICOM ~ 1,02 \ EPICom2.02 \ EPICOM ~ 1.EXE / DDE - Driver: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R0 hlkvythd - c: \ windows \ system32 \ drivers \ vzrpdamf.dat R1 SASDIFSV - C: \ Program Files \ SUPERAntiSpyware \ sasdifsv.sys R1 SASKUTIL - C: \ Program Files \ SUPERAntiSpyware \ saskutil.sys R2 MASPINT - c: \ windows \ system32 \ drivers \ maspint.sys <Non Verified; MicroStaff Co.,Ltd.; Aspi32 Driver per WinNT> R2 mdmxsdk - c: \ windows \ system32 \ drivers \ mdmxsdk.sys <Non Verified; Conexant; diagnostico Interface> R2 Netdevio (TOSHIBA Network Device Usermode di I / O Protocol) - c: \ windows \ system32 \ drivers \ netdevio.sys <Non Verified; TOSHIBA Corporation.; TOSHIBA Network Device Usermode I/O protocol> R3 AR5211 (Atheros Wireless Network Adapter Service) - c: \ windows \ system32 \ drivers \ ar5211.sys <Non Verified; Atheros Communications, Inc.; Atheros AR5001 Wireless Network Adapter> R3 BoiHwsetup (Accesso 32bits int15 di routine) - c: \ windows \ system32 \ drivers \ boihwsetup.sys <Non Verified; Quanta Computer Corp; Toshiba HwSetup Driver> R3 CAMCAUD (Conexant AMC ambientale audio 3D) - c: \ windows \ system32 \ drivers \ camc6aud.sys <Non Verified; Conexant Conexant Inc.; Sistemi Audio Driver> R3 CAMCHALA - c: \ windows \ system32 \ drivers \ camc6hal.sys <Non Verified; Conexant Systems Inc.; Conexant AmcHal Driver> R3 HSF_DPV - c: \ windows \ system32 \ drivers \ hsf_dpv.sys <Non Verified; Conexant Systems, Inc.; SoftK56 Modem Driver> R3 HSFHWATI - c: \ windows \ system32 \ drivers \ hsfhwati.sys <Non Verified; Conexant Systems, Inc.; SoftK56 Modem Driver> R3 Iviaspi (IVI ASPI Shell) - c: \ windows \ system32 \ drivers \ iviaspi.sys <Non Verified; InterVideo, Inc.; InterVideo ASPI Shell> R3 PFC (Padus ASPI Shell) - c: \ windows \ system32 \ drivers \ pfc.sys <Non Verified; Padus, Inc.; Padus(R) ASPI Shell> R3 qkbfiltr (Quanta tastiera Hotkey driver filtro) - c: \ windows \ system32 \ drivers \ qkbfiltr.sys <Non Verified; Quanta Computer, Inc.; Quanta Hotkey filtro Tastiera Driver> R3 qmofiltr (Quanta Hotkey Mouse Filter Driver) - c: \ windows \ system32 \ drivers \ qmofiltr.sys <Non Verified; Quanta Computer, Inc.; Quanta Mouse Filter Device Driver> R3 SASENUM - C: \ Program Files \ SUPERAntiSpyware \ sasenum.sys <Non Verified; SuperAdBlocker, Inc.; SuperAntiSpyware> R3 winachsf - c: \ windows \ system32 \ drivers \ hsf_cnxt.sys <Non Verified; Conexant Systems, Inc.; SoftK56 Modem Driver> S3 DNINDIS5 (DNINDIS5 protocollo NDIS Driver) - c: \ progra ~ 1 \ Belkin \ Belkin 1.11g ~ \ dnindis5.sys (file mancanti) S3 GTNDIS5 (GTNDIS5 protocollo NDIS Driver) - c: \ windows \ system32 \ gtndis5.sys (file mancanti) S3 RT61 (RT2500 Belkin Wireless Driver) - c: \ windows \ system32 \ drivers \ rt61.sys (file mancanti) S3 Ser2pl (Sitecom driver della porta seriale) - c: \ windows \ system32 \ drivers \ ser2pl.sys <Non Verified; Prolific Technology Inc.; Prolific USB-to-Serial Ponte Cable> S3 wceusbsh (Windows CE USB Serial Host Driver) - c: \ windows \ system32 \ drivers \ wceusbsh.sys <Non Verified; Microsoft Corporation; Windows CE USB Serial Host Driver> - Servizi: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-disabili -------------------- R2 CFSvcs (ConfigFree Service) - C: \ Program Files \ Toshiba \ configfree \ cfsvcs.exe <Non Verified; TOSHIBA CORPORATION; ConfigFree(TM)> S2 ACS (Atheros Configuration Service) - c: \ windows \ system32 \ acs.exe - Gestione periferiche: disabili -------------------------------------------- -------- N. disabili dispositivi trovati. - Operazioni pianificate ---------------------------------------------- --------------- 2008-04-07 06:48:40 436 - a ------ C: \ WINDOWS \ Tasks \ RegCure Programma Check.job 2008-04-04 12:33:04 438 - a ------ C: \ WINDOWS \ Tasks \ At1.job 2008-03-15 17:25:00 284 - a ------ C: \ WINDOWS \ Tasks \ AppleSoftwareUpdate.job 2008-01-31 16:37:13 370 - a ------ C: \ WINDOWS \ Tasks \ RegCure.job - File creato tra 2008/03/07 e 2008/04/07 ----------------------------- 2008-03-28 21:48:16 0 d -------- C: \ Documents and Settings \ All Users \ Dati applicazioni \ SUPERAntiSpyware.com 2008-03-28 21:48:05 0 d -------- C: \ Program Files \ SUPERAntiSpyware 2008-03-28 21:48:05 0 d -------- C: \ Documents and Settings \ iana \ Dati applicazioni \ SUPERAntiSpyware.com 2008-03-28 21:47:28 0 d -------- C: \ Program Files \ Common Files \ Wise Installation Wizard - Relazione Find3M ---------------------------------------------- ----------------- 2008-04-07 06:51:23 0 d -------- C: \ Documents and Settings \ iana \ Dati applicazioni \ AVG7 2008-04-04 16:30:58 0 d -------- C: \ Program Files \ Hansa52Client 2008-04-04 15:41:49 0 d -------- C: \ Documents and Settings \ iana \ Dati applicazioni \ AdobeUM 2008-03-28 21:47:28 0 d -------- C: \ Programmi \ File comuni 2008-03-25 10:03:27 0 d -------- C: \ Program Files \ Common Files \ Adobe 2008-03-25 09:31:28 0 d -------- C: \ Program Files \ Common Files \ Symantec Shared 2008-03-05 15:04:08 0 d -------- C: \ Program Files \ Canon 2008-03-05 11:57:28 0 d -------- C: \ Program Files \ Java 2008-02-25 09:26:29 0 d -------- C: \ Documents and Settings \ iana \ Dati applicazioni \ ScanSoft 2008-02-25 09:26:26 0 d -------- C: \ Programmi \ File comuni \ ScanSoft Shared 2008-02-25 09:25:40 0 d -------- C: \ Program Files \ ScanSoft 2008-02-25 08:32:09 0 d -------- C: \ Program Files \ Google 2008-02-21 18:33:48 0 d -------- C: \ Program Files \ MumbleJumble 2008-02-21 18:10:04 0 d -------- C: \ Program Files \ Mahjong Deluxe 2008-02-21 12:06:28 0 d -------- C: \ Program Files \ RogueRemover FREE 2008-02-21 12:04:40 0 d -------- C: \ Program Files \ Le mura di Gerico 2008-02-21 12:04:31 0 d -------- C: \ Program Files \ HP Creative Idea CD 2008-02-21 12:04:11 0 d -------- C: \ Program Files \ XviD 2008-02-21 12:03:54 0 d -------- C: \ Program Files \ RegCure 2008-02-21 12:02:55 0 d -------- C: \ Program Files \ rimozione Man 2008-02-21 12:02:55 0 d -------- C: \ Program Files \ Polarkubes 2008-02-21 12:01:40 0 d -------- C: \ Program Files \ PopCap Games 2008-02-18 19:38:17 16 - a ------ C: \ WINDOWS \ popcinfot.dat 2008-02-18 19:19:59 0 - a ------ C: \ WINDOWS \ popcreg.dat 2008-02-11 17:53:24 0 d -------- C: \ Program Files \ IDIGICON Limited 2008-01-21 18:36:58 1024 - a ------ C: \ WINDOWS \ jericho_game_ra.dat - Registro di Dump ---------------------------------------------- ----------------- * Nota * vuoto voci & legit default voci non vengono visualizzate [HKEY_LOCAL_MACHINE \ ~ \ Browser Helper Objects \ (51610169-C280-4F36-84AB-82D92ED1F68B)] [HKEY_LOCAL_MACHINE \ ~ \ Browser Helper Objects \ (EA389261-1100-451F-8582-815CAB488AE6)] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run] "SynTPEnh" = "C: \ Program Files \ Synaptics \ SynTP \ SynTPEnh.exe" [17/12/2005 00:32] "Toshiba Hotkey Utility" = "C: \ Program Files \ Toshiba \ Windows Utilities \ Hotkey.exe" [28/01/2006 05:13] "TPSMain" = "TPSMain.exe" [08/02/2006 16:02 C: \ WINDOWS \ system32 \ TPSMain.exe] "NDSTray.exe" = "NDSTray.exe" [] "SmoothView" = "C: \ Program Files \ TOSHIBA \ TOSHIBA Zoommare Utility \ SmoothView.exe" [12/05/2005 11:31] "PadTouch" = "C: \ Program Files \ TOSHIBA \ Touch e Launch \ PadExe.exe" [21/12/2005 14:52] "DLA" = "C: \ WINDOWS \ System32 \ DLA \ DLACTRLW.EXE" [06/10/2005 06:20] "CFSServ.exe" = "CFSServ.exe" [] "REGSHAVE" = "C: \ Program Files \ REGSHAVE \ REGSHAVE.exe" [04/02/2002 23:32] "ACU" = "C: \ Program Files \ Atheros \ ACU.exe" [11/07/2005 16:04] "TkBellExe" = "C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe" [04/03/2007 17:39] "QuickTime Task" = "C: \ Program Files \ QuickTime \ qttask.exe" [01/09/2006 16:57] "! AVG Anti-Spyware" = "C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7,5 \ avgas.exe" [11/06/2007 10:25] "AVG7_CC" = "C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe" [02/01/2008 12:20] "SunJavaUpdateSched" = "C: \ Program Files \ Java \ jre1.6.0_05 \ bin \ jusched.exe" [22/02/2008 05:25] "OpwareSE2" = "C: \ Program Files \ ScanSoft \ OmniPageSE2.0 \ OpwareSE2.exe" [08/05/2003 12:00] "OPSE promemoria" = "C: \ Program Files \ ScanSoft \ OmniPageSE2.0 \ EregEng \ Ereg.exe" [07/07/2003 10:29] "RegistryMechanic" = "" [] [HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Run] "TOSCDSPD" = "C: \ Program Files \ TOSHIBA \ TOSCDSPD \ toscdspd.exe" [11/04/2005 12:26] "ctfmon.exe" = "C: \ WINDOWS \ system32 \ ctfmon.exe" [04/08/2004 14:00] "PnPUI Registrator" = "C: \ Program Files \ Common Files \ Sitecom Shared \ PnP Universal Installer \ PnPUIReg.exe" [22/11/2004 21:04] "MSMSGS" = "C: \ Program Files \ Messenger \ msmsgs.exe" [13/10/2004 17:24] "SUPERAntiSpyware" = "C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe" [27/02/2007 12:39] C: \ Documents and Settings \ All Users \ Menu Avvio \ Programmi \ Startup \ Exif Launcher.lnk - C: \ Program Files \ FinePixViewer \ QuickDCF.exe [09/01/2002 22:53:14] Microsoft Office.lnk - C: \ Program Files \ Microsoft Office \ Office \ OSA9.exe [21/01/2000 09:15:54] [HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntversion \ Policies \ System] "DisableRegistryTools" = 0 (0x0) [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entversion \ Policies \ Explorer] "NoWelcomeScreen" = 1 (0x1) [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ ShellExecuteHooks] "(5AE067D3-9AFB-48E0-853A-EBB7F4A000DA)" = C: \ Program Files \ SUPERAntiSpyware \ SASSEH.DLL [20/12/2006 13:55 77824] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ Notify \! SASWinLogon] C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll 27/02/2007 12:39 282624 C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ Notify \ detcdzqc] athcfg11c.dll [HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ contro l \ Lsa] "Authentication Packages" = msv1_0 nwprovau HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Svchost - NetSvcs buznlwxw [HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntversion \ explorer \ mountpoints2 \ (a2fd87dd-11dc-a192-B600-0016e375ed46)] AutoRun \ command-E: \ LaunchU3.exe - Fine del Deckard's System Scanner: finito a 2008-04-07 08:53:08 ------------ Speranza tutto questo ha un senso per voi Saluti IANA |
